Wireshark-dev: [Wireshark-dev] simpler dissector architecture for "line based" protocols?

Date: Fri, 21 Oct 2011 15:22:44 -0400 (EDT)
After submitting patches for
 
 
I started thinking that there probably is a more general solution to implementing filtering for "line based" protocols (dissectors that look for /r/n and then display each "line" as an "item"). There are more than a handful of protocols whose dissector has something close to the following pseudo logic:
 
while (tvb_offset_exists)
{
  tvb_find_line_end(line_string)
  if (modern_dissector)
    proto_tree_add_item(line_string, ENC_ASCII|ENC_NA)
  else
    proto_tree_add_text(line_string) /* NOT FILTERABLE */
 
  parse_tokens(tokens[], line_string)
  while (tokens[])
  {
    if (modern_dissector)
      proto_tree_add_item(tokens[], ENC_ASCII|ENC_NA)
    else
      proto_tree_add_text(tokens[]) /* NOT FILTERABLE */
  }
}
 
 
The protocols use what I consider "low level" tvb_ functions to accomplish all of the "string manipulation". Is there an easier way to accomplish this and the protocols (probably around since the Ethereal days) just haven't been updated? Most of the dissectors aren't big to begin with and obviously vary on port used (TCP/UDP) and filter names, but otherwise have very similar logic.
 
Mike
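
Added example, not part of the original message and not Wireshark code: the line-and-token loop from the pseudo logic above, written as one reusable, bounds-checked walker over a plain byte buffer that yields the (offset, length) spans a dissector would register as filterable items. The names find_line_end, walk_lines, span_t and SAMPLE are hypothetical, the sample bytes are constructed, and tokens are assumed to be space-separated.

```c
#include <stdio.h>
#include <stddef.h>

/* One line or token as a span into the packet buffer (hypothetical type). */
typedef struct { size_t off, len; int is_token; } span_t;

/* Constructed sample: CRLF line, bare-LF line, unterminated last line. */
static const unsigned char SAMPLE[] = "USER mike\r\nPASS  x\nQUIT";

/* Length of the line at off without its terminator; *next is the offset
 * just past CRLF or LF, or len when the last line is unterminated. */
static size_t find_line_end(const unsigned char *buf, size_t len,
                            size_t off, size_t *next)
{
    size_t i = off;
    while (i < len && buf[i] != '\n') i++;
    *next = (i < len) ? i + 1 : len;
    if (i < len && i > off && buf[i - 1] == '\r') i--;  /* strip CR of CRLF */
    return i - off;
}

/* Emit one span per line, then one per token on that line. Stores at most
 * max spans and returns how many exist, so a caller can detect truncation. */
size_t walk_lines(const unsigned char *buf, size_t len, span_t *out, size_t max)
{
    size_t n = 0, off = 0;
    while (off < len) {
        size_t next, linelen = find_line_end(buf, len, off, &next);
        size_t p = off, end = off + linelen;
        if (n < max) out[n] = (span_t){ off, linelen, 0 };
        n++;
        while (p < end) {
            while (p < end && buf[p] == ' ') p++;      /* skip separators */
            size_t start = p;
            while (p < end && buf[p] != ' ') p++;
            if (p > start) {
                if (n < max) out[n] = (span_t){ start, p - start, 1 };
                n++;
            }
        }
        off = next;                      /* always advances past off */
    }
    return n;
}

int main(void)
{
    span_t s[16];
    size_t n = walk_lines(SAMPLE, sizeof SAMPLE - 1, s, 16);
    for (size_t i = 0; i < n && i < 16; i++)
        printf("%s off=%zu len=%zu \"%.*s\"\n", s[i].is_token ? "  token" : "line",
               s[i].off, s[i].len, (int)s[i].len, (const char *)SAMPLE + s[i].off);
    return 0;
}
```

Because every span is an offset and length inside the original buffer, each one maps onto a single per-field item in the tree rather than an unfilterable text label.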